fa4dd78334a5e1b54b3153ce49e3c81cc66e614f8d1e6e6bdb6324c9769a4c11

Analysis

max time kernel
17s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 19:54

Target

fa4dd78334a5e1b54b3153ce49e3c81cc66e614f8d1e6e6bdb6324c9769a4c11.dll
Size

19KB
MD5

851998b5f10cbf3836603ad8a895087e
SHA1

63dc4b1bd107627e015939f4547d79c745419686
SHA256

fa4dd78334a5e1b54b3153ce49e3c81cc66e614f8d1e6e6bdb6324c9769a4c11
SHA512

49d53c4fae45a67a8b29a43bfb7fb1d3099b975c81c01f1fb94522e41d40ddc88b3eb24ffa3e7e29b2644372e13baa88770c56310e221f12dfc2506147cbdfb5
SSDEEP

384:gFCiLbX8CxjZ8+0XpluuXMHuq6TlFhnrM:g3sC8pXPlMOq6zu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27
PID 976 wrote to memory of 936	976	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa4dd78334a5e1b54b3153ce49e3c81cc66e614f8d1e6e6bdb6324c9769a4c11.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa4dd78334a5e1b54b3153ce49e3c81cc66e614f8d1e6e6bdb6324c9769a4c11.dll,#1
  2⤵
  PID:936

memory/936-55-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download